Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
accessing internal web server with external IP
- Thread starter rha298
- Start date
There are two ways to fix this:
1) Create a split brain DNS setup within your environment. Add a zone that identically mirrors your publicly hosted domain and create all of the necessary Host (A) records
or (preferred)
2) Alter your static NAT entry for this server like so:
The dns keyword will rewrite the dns response. Here's a good link from Cisco regarding this:
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
1) Create a split brain DNS setup within your environment. Add a zone that identically mirrors your publicly hosted domain and create all of the necessary Host (A) records
or (preferred)
2) Alter your static NAT entry for this server like so:
Code:
Pix(config)# static (inside,outside) <outside_ip> <inside_ip> netmask 255.255.255.255 [b]dns[/b]I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
- Thread starter
- #3
Thanks for the reply.
I saw that link and as soon as I saw ASA Version 7.2(1) I backed away since I'm have a old PIX 520 running 6.3 (5)
I had decided to run with option #1 until I replace the PIX with newer hardware.
Thanks again
I think I'm going to like this place!!
I saw that link and as soon as I saw ASA Version 7.2(1) I backed away since I'm have a old PIX 520 running 6.3 (5)
I had decided to run with option #1 until I replace the PIX with newer hardware.
Thanks again
I think I'm going to like this place!!
Supergrrover
IS-IT--Management
If you use external dns you can also use the alias command
alias (inside) [External_IP] [Interal_IP] 255.255.255.255
or you can try dnat
Take a look at this -
Brent
Systems Engineer / Consultant
CCNP, CCSP
alias (inside) [External_IP] [Interal_IP] 255.255.255.255
or you can try dnat
Take a look at this -
Brent
Systems Engineer / Consultant
CCNP, CCSP
- Thread starter
- #6
Thanks for your input. I finally had a chance to try Cisco docs that were posted. I see it build the out bound connections but it got torn down "bytes 0 SYN Timeout"
Dec 11 16:35:46 pix Dec 11 2008 17:09:13: %PIX-6-302013: Built outbound TCP connection 129887714 for DMZ1:172.30.150.20/443 (x.x.x.x/443) to inside:172.16.4.109/2743 (172.30.150.20/2743)
Dec 11 16:36:10 pix Dec 11 2008 17:09:37: %PIX-6-302014: Teardown TCP connection 129887167 for DMZ1:172.30.150.20/443 to inside:172.16.4.109/2738 duration 0:02:02 bytes 0 SYN Timeout
Dec 11 16:37:48 pix Dec 11 2008 17:11:15: %PIX-6-302014: Teardown TCP connection 129887714 for DMZ1:172.30.150.20/443 to inside:172.16.4.109/2743 duration 0:02:01 bytes 0 SYN Timeout
Dec 11 16:35:46 pix Dec 11 2008 17:09:13: %PIX-6-302013: Built outbound TCP connection 129887714 for DMZ1:172.30.150.20/443 (x.x.x.x/443) to inside:172.16.4.109/2743 (172.30.150.20/2743)
Dec 11 16:36:10 pix Dec 11 2008 17:09:37: %PIX-6-302014: Teardown TCP connection 129887167 for DMZ1:172.30.150.20/443 to inside:172.16.4.109/2738 duration 0:02:02 bytes 0 SYN Timeout
Dec 11 16:37:48 pix Dec 11 2008 17:11:15: %PIX-6-302014: Teardown TCP connection 129887714 for DMZ1:172.30.150.20/443 to inside:172.16.4.109/2743 duration 0:02:01 bytes 0 SYN Timeout
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question